from the as-transparent-as-he's-forced-to-be dept

Months after he left office to become Trump's running mate, former Indiana governor Mike Pence is finally releasing emails from his personal AOL accounts. This sort of thing would normally be reserved for only the wonkiest of public records wonks, but the Trump campaign spent a great deal of time deriding Hillary Clinton for using a personal email account to handle official State Department email.

It's slightly more of a big deal, thanks to Pence's efforts to keep these emails from becoming public. He went to court late last year to protect the content of certain emails from being released. Pence's lawyer actually argued the court had no business telling the governor's office what can and can't be redacted. So much for the idea of checks and balances.

Pence attorney Karoline Jackson said in a recent email to the state's legal counsel that “a complete electronic production of state records" from Pence's time as governor had been delivered to the state as of June 23.

The office of Pence's successor, Gov. Eric Holcomb, said the records consist of state-related emails from two AOL accounts Pence used as governor.

"Our office is now in the process of reviewing the records, and we anticipate being in a position to provide copies of records that are responsive to pending (public record) requests soon," Holcomb spokeswoman Stephanie Wilson said.

So, according to his own spokespeople, Pence will finally be complying with the state's public records law. Not that he didn't try to be a dick about it.

Previously, Pence had only provided some of his AOL emails to the state, and those he did provide were in paper form, making them difficult to search.

Fortunately for those requesting the emails, the new, full batch will come in electronic form, which will greatly assist them in finding the contents they're interested in. According to the WHAS11 report, there are more than 50 open records requests targeting Pence's AOL emails.

While this doc dump will result in far more transparency than Pence is used to, there are still some concerns about what's being withheld. Rather than have his former office review the emails before turning them over to requesters, Pence had his private lawyer take a look at them instead. That's not really the way things are supposed to work for public officials. This will make redactions and withheld documents more difficult to challenge, as there's another layer -- a non-government layer -- of vetting separating requesters from their requested documents.

There's also a good chance whatever's being looked at is incomplete. Public officials who use private email for official business are supposed to forward all work-related emails to government servers for storage. At this point, there appears to be no indication Pence has done that. Instead, a privately-employed lawyer has been picking through what's left in two private AOL accounts and everyone involved is claiming, without supporting evidence, they're living up to the letter and spirit of Indiana's open records laws.

from the no-more-hiding-behind-clunky-software dept

For months now, the NYPD has been arguing in court it can't possibly hand over records related to its forfeitures. The problem appears to be the NYPD itself. The department spent millions on new software specifically to track the disposition of seized items. But when faced with a public records suit by the Bronx Defenders, the NYPD claimed the software can't do the one thing it's supposed to do: track the disposition of seized items.

The NYPD provides limited reporting on forfeitures, but the numbers produced have almost zero relation to reality. According to the NYPD, it only forfeited $12,000 in cash in 2015. According to numbers obtained by the Bronx Defenders, the NYPD's forfeiture office had nearly $69 million in cash on hand when queried in 2013 -- something that would take 5,750 years to amass at the rate cited by the NYPD. Not only that, but other documents showed NYPD property clerks were processing thousands of dollars every month, totaling $6 million in forfeiture transactions in 2013 alone. It seems unlikely the NYPD's forfeitures dropped to this impossibly-low level between 2013 and 2015.

But still the NYPD insists it can't make its cradle-to-grave forfeiture-tracking system produce the stats Bronx Defenders are looking for. It needs to figure out its issues soon. The city council is calling the NYPD's bluff.

The bill, which is expected to pass this afternoon, will require the NYPD to release annual reports on how much they seize from New Yorkers during stops and arrests and through the use of civil forfeiture, and account for what happens to the assets after they’re in custody.

"This first-of-its-kind transparency bill will shed light on the reasons why the NYPD has seized someone's property, whether revenue is generated from property seizure, and if an individual has been able to get their property back," said Bronx Councilman Ritchie Torres, the bill's primary sponsor. "The legislation will help ensure that the civil forfeiture process is used legitimately.”

This bill requires the NYPD to report on an annual basis on data relating to the property and money the department obtains possession of in the course of an arrest. The bill requires the data be broken down to include the amount of money or the property obtained and retained, the reason why the property or money is being held by the department, and whether or not the rightful owners of the property or money have failed to redeem such money or property. Additionally, the bill requires the NYPD to report on any sale or disposition of money or property seized during an arrest that was retained by the Department.

This forces the NYPD to provide information proactively. It can no longer hide behind claims of faulty software or a particularly labyrinthine public records process. It won't force the NYPD to say how the money's being spent, but will at least provide more transparency and accountability. The new data should make it slightly easier to identify abuse and could assist those fighting to reclaim their property. All it needs is the governor's signature to make it official.

Each of the NSLs that we are publishing initially included an indefinite nondisclosure requirement that prohibited us from sharing any information about the letter or publicly acknowledging that we received an NSL.

We recently requested that these nondisclosure requirements be lifted, under the “reciprocal notice” procedures of the USA FREEDOM Act. More detail on the procedures that we followed is below.

In response to our requests, the FBI lifted the gag orders with respect to all information in each of the NSLs we are making available today. Before publishing the letters publicly, however, we decided to redact the following information from each letter: (1) the site URL about which the government requested information, (2) names of Automattic personnel to whom the request was addressed, and (3) name and contact information for the FBI personnel involved in making the information request.

We made these limited redactions in order to protect privacy interests. The NSLs are otherwise what we received when they were served onto us.

The five NSLs are identical. (PDF links included at the bottom of the Automattic post.) Automattic responded to four of those, but had none of the information requested for the fifth. After the gag orders were lifted by the FBI, Automattic informed the targeted users.

The boilerplate NSLs ask for far more info than the FBI's own legal guidance suggests it should be able to request. A 2008 DOJ legal memo says NSLs should be constrained to "phone billing records." The FBI has apparently decided to interpret this as any and all electronic transactional records when it comes to internet service providers. Here's what's requested in the Automattic NSLs:

Subscriber name and related subscriber information

Account number(s)

Date the account opened or closed

Physical and or postal addresses associated with the account

Subscriber day/evening telephone numbers

Screen names or other on-line names associated with the account

All billing and method of payment related to the account including alternative billed numbers or calling cards

All e-mail addresses associated with the account to include any and all of the above information for any secondary or additional e-mail addresses and/or user names identified by you as belonging to the targeted account in this letter

The names of any and all upstream and providers facilitating this account's communications

This is where the FBI starts digging, apparently. By demanding all this info from a single service provider, the FBI can issue NSLs and subpoenas to a large number of additional third parties, even though the DOJ's legal guidance suggests the FBI's NSL requests should be far more constrained.

The recently-instituted challenge options are better than what was in place previously, but Automattic points out there's still plenty of room for improvement.

We also continue to believe that NSLs pose serious constitutional concerns, particularly because they indefinitely prevent companies like us from speaking about them, and informing our users or the public about the NSLs that we receive. The procedures used to lift nondisclosure requirements are flawed because they put the burden of seeking an end to secrecy almost entirely on the companies, like Automattic, who receive NSLs.

The FBI has almost zero legal obligation to perform proactive reviews of issued NSL gag orders. Recipients must spend their time and money challenging them. Fortunately, the challenge process now requires much less of these scarce resources. Automattic has its own boilerplate form for challenging boilerplate NSL gag orders -- one it's willing to share with any NSL recipient --- so we should be seeing more of these released in the near future.

Big win! To settle my lawsuit, NYPD has agreed to comply with critical component of NY Freedom of Information law

This is what we measure success with when it comes to FOIL and the NYPD: a victory is the department AGREEING TO FOLLOW THE LAW.

Stephan has been seeking information on the department's use of a sound cannon for crowd control. The NYPD, of course, had no interest in releasing these records. Central to the settlement is the department agreeing to accept FOI requests by email, something it's supposed to have been doing for more than a decade.

The man, Keegan Stephan, said in the suit that the department failed to justify withholding the records he requested and that a “policy and practice” not to accept or respond to Freedom of Information requests by email violated a 2006 provision of New York State law. Mr. Stephan also argued that by not allowing email requests, the police had increased “the time, effort, and expense involved” in obtaining records.

The department's settlement contains no admission of wrongdoing -- something common to government lawsuit settlements. This means it will accept zero responsibility for a decade-long run of FOI statute violations.

The "new" email request system will aid more New Yorkers in having their requests ignored by the NYPD. The NYPD's future use of email for FOI responses will ensure requesters are informed of denials in a much speedier fashion. The portal the NYPD is setting up on its website will provide instructions for requesters, as well as information on how to challenge denials and non-responses. If nothing else, the NYPD will be forced to follow the letter of the law a bit more closely, but it will take far more than a steady stream of FOI lawsuits for it to approach the law's spirit.

The NYPD has made a opacity a cottage industry. It has been dubbed the least responsive government agency in the US, worse than the CIA, FBI and NSA. It has developed an in-house classification system that allows pretty much anyone to designate almost any document "top secret" for almost any reason, and reached its nadir when it refused to release a copy of its FOIL response guidelines to a FOIL requester.

But this is an ugly victory -- one that should subject the department to a steady stream of ridicule. It takes a lawsuit to make a law enforcement agency follow the law. That's just depressing.

from the only-transparent-when-it-suits-Comcast dept

When Ajit Pai was first appointed as the new head of the FCC, he promised to be a stickler for transparency at the agency. And in one way he followed through, by making it standard operating procedure to now publish FCC orders a month before they're voted on (even though former staffers and consumer advocates believe he only did so to give ISP lobbyists more time to construct counter-arguments and their legal and policy assaults). Elsewhere, this supposed dedication to transparency has been decidedly lacking however, especially in regards to his efforts to repeal net neutrality protections.

When he first proposed killing popular net neutrality protections (pdf), he insisted he would proceed "in a far more transparent way than the FCC did" when it first crafted the rules in 2015. But Pai has also long tried to argue that a lack of broadband competition (and the resulting symptom of this disease that is net neutrality violations) isn't a real problem, despite the obvious, repeated evidence to the contrary.

There's of course some very solid evidence that can clarify whether or not net neutrality is a "solution in need of a problem," and that's the 47,000 (give or take) complaints consumers have filed with the FCC since the rules were passed in 2015. Back in May, the National Hispanic Media Coalition (NHMC) filed a Freedom of Information Act (FoIA) request to obtain copies of these complaints, and urged the FCC to extend the public comment period on the net neutrality proceeding for sixty days, providing time to analyze the data.

"The commission's Notice of Proposed Rulemaking (NPRM) that proposes overturning the net neutrality rules asks the public for comment on various issues. The NHMC points out that the document asks the public if there is "evidence of actual harm to consumers" or evidence that Internet access has improved since the net neutrality rules were approved. Those questions could be answered by releasing all the net neutrality complaints, the group says.

"These questions seek evidence that the Commission holds in its exclusive possession," the NHMC said in its motion for a delay.

Not too surprisingly, Pai's FCC is blocking the release of these complaints, insisting that providing public access to the complaints would be "unreasonably burdensome." The NHMC, also unsurprisingly, isn't particularly impressed with the agency's justification for withholding the complaints:

"The FCC's denial of our motion is shortsighted, denies the public critical information, and flies in the face of their acknowledgment that they have received over 47,000 open Internet complaints since the 2015 net neutrality rules were enacted. It should give the public pause that the agency with exclusive control over regulating Internet service providers refuses to share such information with the public. The information is within the FCC’s exclusive control and was completely ignored in the NPRM."

If you've been playing along at home, refusing to release valid user complaints outlining genuine net neutrality concerns runs in line with the agency's attempts to downplay public opposition to its proposal. That has also included turning a blind eye to fraud and abuse of the FCC's comment system, which is currently being filled with bot-crafted industry "support" for the FCC's tone-deaf plan. The goal, consistently, has been to downplay public support for net neutrality, while pushing the illusion that repealing the rules is anything more than a giant, shameless gift to AT&T, Comcast and Verizon.

And while Ajit Pai clearly thinks he can bulldoze his way through transparency and operational apathy concerns, these are all certain to come up again during the inevitable lawsuits against the agency -- all of which will highlight how Pai and friends blatantly ignored the public interest to the exclusive benefit of a handful of extremely-unpopular duopolists.

from the poor-Theresa-May-doesn't-stand-a-chance dept

We're big fans of transparency around here, as you may have noticed. In particular, Techdirt has repeatedly called for trade deals to be negotiated more openly to allow greater input from the public -- and less backlash when they find out what has been agreed without them behind closed doors. But a fascinating post from the Institute for Government, a UK-based think-tank "working to make government more effective", points out that aggressive transparency can also be used to gain the advantage during high-level political negotiations.

In this case it is the critical "Brexit" negotiations between the EU and the UK that will determine their future relationship if and when the UK leaves the European Union. The stakes are incredibly high: the financial implications alone run into hundreds of billions of euros. Moreover, the UK's place in the world is also at play, as it extracts itself from the biggest geopolitical bloc in an attempt to go it alone. As the post points out, the approaches taken by the EU and the UK could hardly be more contrasted:

The European Council [one of the key EU bodies setting strategy] has published its "transparency regime" for the Brexit negotiations, committing the EU to a far greater degree of transparency than anything that we have seen in the UK. It sets out the ten classes of documents that could be issued by the Council, the [European] Commission and [EU] member states, along with a default level of public disclosure for each.

The UK government, by contrast, has said rather sniffily it would not be offering a "running commentary on Brexit negotiations", and aims to keep its plans totally under wraps. The Institute for Government points out that this is a big mistake:

The EU wants to be able to control the public narrative around Brexit. Two weeks ago, the EU published its draft negotiating mandate. Its proposals on the prerogative of the European Court of Justice, the rights of EU citizens in the UK and the sequencing of the negotiations were in all the UK papers. Having taken a self-imposed vow of secrecy, Prime Minister Theresa May was unable to respond to any of the issues of substance.

In other words, 500 million Europeans are only hearing the EU's side of the story, and the EU's views on what should happen during Brexit. Theresa May's secrecy means that she cannot rebut any of the assertions, nor offer her own vision (cynics say that is because she has neither a vision nor a plan….) The post points out that the EU's approach is not naïve or simplistic, but carefully planned and nuanced -- open for this aspect, but more reticent elsewhere:

A degree of secrecy is necessary to allow negotiators the space to think innovatively, to propose and weigh potential compromises. So, the EU stops short of a commitment to total transparency. It wants talks to be open, but not wide open.

The UK on the other hand wants to run as much of the negotiations behind closed doors as possible. That may just be the preferred operating style of this government or it may be a conscious decision. Whatever the reason, it will play right into the EU's hands.

It's a perceptive analysis that adds to the already compelling reasons why such high-level talks should be open and transparent as a matter of course. It's a pity that the one person who needs to take heed of that fact -- the UK's Prime Minister -- almost certainly won't. Both she and the country she nominally controls are likely to pay a high price as a result.

from the granular-reporting-sinks-ships dept

Twitter's First Amendment lawsuit against the government for limitations on National Security Letter reporting will be allowed to continue. This is good news for Twitter -- and the general public -- although it's somewhat disheartening to see things have only moved this far in the three years since the lawsuit was filed.

Reporting on NSLs is limited to "bands." A social media service receiving three NSLs has to report it as "0-499." The same goes for a service that receives 300 NSLs over the same period. Twitter is fighting to have these "bands" removed, in order to more accurately report the number of NSLs it receives.

So far, the government's arguments for leaving the bands in place have been as vague as the information tech companies are allowed to release. It asserts -- without evidence -- that reporting the actual number of NSLs (or FISA orders) will harm national security. The fact that NSLs are accompanied by indefinite gag orders grants the government an insane amount of opacity relative to the level of oversight these NSLs receive. NSLs are administrative documents the FBI (and other agencies) can issue themselves, which receive no impartial scrutiny from judges or anyone outside the issuing agency.

The government's attempt to dismiss this lawsuit has failed, so Twitter will be allowed to move forward with its First Amendment lawsuit. The opening of the opinion [PDF] makes it clear the DOJ going to need to come up with a better argument if it hopes to keep this banded opacity in place. (via Ars Technica)

The Court finds the Government has not met its high burden to overcome the strong presumption of unconstitutionality on the record before the Court. The Government’s restrictions on Twitter’s speech are content-based prior restraints subject to the highest level of scrutiny under the First Amendment. The restrictions are not narrowly tailored to prohibit only speech that would pose a clear and present danger or imminent harm to national security. The Government argues that the limitations imposed on Twitter are necessary because disclosure of data concerning the number and type of national security legal process that it received in a time period would impair national security interests and is properly classified. However, the Government has not presented evidence, beyond a generalized explanation, to demonstrate that disclosure of the information in the Draft Transparency Report would present such a grave and serious threat of damage to national security as to meet the applicable strict scrutiny standard.

An unclassified declaration by the director of the FBI's national security branch appears to form the basis for the assertions the court finds lacking. It's basically what's covered above: the information is "properly classified" and releasing it would do damage to national security. Other arguments along the same lines are applied to granular disclosure of received FISA orders. The DOJ points out the First Amendment does not allow possessors of classified information to share it freely.

[T]he Court does not agree with the Government’s position that simply determining information meets the requirements for classification under Executive Order 13526 ends the Constitutional analysis. That the information is classified is not, in itself, a sufficient basis for the Government’s prohibition on its disclosure…

The First Amendment requires strict scrutiny of content-based restrictions and prior restraints, regardless of the Government’s basis for nondisclosure.

It's not just the DOJ's public arguments that suck. The court points assertions made behind closed doors have also done nothing to justify the prior restraint.

Here, the declarations of Steinbach, both in camera and public, fail to provide sufficient details indicating that the decision to classify the information in the Draft Transparency Report was based on anything more specific than the reporting bands in section 1874 and the FBI’s position that more granular information “could be expected to harm national security.” The declarations do not provide an indication of grave or imminent harm arising from the disclosures in the Draft Transparency Report. Rather, the concerns raised to relate to the overall concern from one or more of any electronic communication service regardless of the specific provider or circumstance. Merely declaring a view that more granular reporting would create an unacceptable risk does not make it so, especially in light of the Government’s acknowledgement of the strong public interest in the information.

The government is apparently so used to receiving judicial deference it didn't bother to do much more than recite its national security mantras.

Rather, the declaration largely relies on a generic, and seemingly boilerplate, description of the mosaic theory and a broad brush concern that the information at issue will make more difficult the complications associated with intelligence gathering in the internet age.

If the DOJ has an actual, articulable reason for forbidding more precise transparency reporting, it has yet to deliver this argument to the court. However, it's had three years to do so and hasn't produced anything yet. It appears to feel the court should make with the NATSEC deference and toss the case. Now, it's actually going to need to produce some evidence that granular reporting will harm intelligence gathering or harm the nation.

from the no-transparency-for-you dept

Another day, another bad copyright ruling out of Germany. What's up with Germany these days? Specifically, the court has barred Google from linking to the Lumen Database when it takes down content. This is bad on a variety of levels, but first some background: Lumen Database is what was formerly known as "Chilling Effects" -- a site to catalog DMCA and other kinds of takedowns (though most people focus on the DMCA ones). It has been tremendously useful over the years in all sorts of ways, especially concerning academic research into how the DMCA takedown process is actually working. It's often how we discover examples of takedown abuse.

However, for many years, the legacy entertainment industry has complained (and complained and complained) about the very existence of the Lumen Database. Their main (stated) reasoning is that it creates a database of links to infringing material -- though I'm sure the fact that it's been so useful in highlighting all of the abuse of the DMCA takedown process is a secondary (though less publicly admitted) reason for why they dislike it so much. The problem with this complaint is that there is literally zero evidence that Lumen Database is regularly used as a source for infringing materials. If you ask people who focus on this stuff, it's just not a site that comes up. Because it's really not particularly useful for that kind of thing. Either way, Lumen Database has made some efforts to reduce the visibility of links in its database in an attempt to mollify complainers.

But the anger ratcheted up even more once Google attempted to provide more transparency into the takedowns it receives and how it deals with them. Among the things Google has done is forward all of its takedown notices to the Lumen Database, release a special transparency report focused specifically on copyright takedowns (and letting people search through its database), and finally also then linking to the takedowns in the Lumen Database when it does remove content. The reasoning for this is completely obvious and sensible. If content is being removed, it is appropriate to learn why. The takedown notice provides those details and also helps people make sure that when the takedown notices are abused for censorship, it is more quickly discovered and fixed.

However, again, this linking from Google to Lumen Database has completely freaked out a segment of the copyright maximalist community -- as they insist that people are doing searches, failing to find what they want, clicking the little link to Lumen and then skimming the takedown letter to find the URLs where the content they want supposedly exists. Again, there is little evidence that this is happening at all, let alone on a wide scale. For what it's worth, it does appear that when takedowns target Google, many also target the original source, which takes down the original as well, meaning there's nothing at the links anyway.

Apparently, none of this much mattered to the court. It bought the silly line how this might be used for finding infringing content and ran with it. This particular case doesn't even involve copyright infringement, but a takedown demand from a company that was upset about the way the Google snippet appeared -- which already sounds pretty crazy. From the IP Kitten site linked above:

The claimant in this case is a German company. When entering the combination of the company‘s name and the words ‘suspected fraud’ (original: ‘Betrugsverdacht’) in a Google search, the results would show four snippets containing the company’s name and the words ‘suspected fraud, public prosecutor is investigating’ as news headlines. However, the company was not being investigated for fraud (§ 263 StGB - German criminal code), but for investment fraud (§ 264a StGB). While both crimes are fraud-related, the legal requirements for investment fraud are very different from regular fraud. In particular, in case of investment fraud, no deception needs to have taken place (yet) and no damage needs to have occurred.

Thus, the statement that the company was being investigated because of fraud was false. Under German law, making such a false claim about a company could infringe the company‘s right of publicity. This led to a first court case between the parties, in which Google was ordered by the regional court of Munich (case no. 25 O 3214/17) to stop showing the website(s) with the infringing text in its search results.

Again, think through the circumstances here. (1) This wasn't when you searched on the company name, but only the company name plus "suspected fraud." (2) The company was being investigated for investment fraud, but apparently a different kind of fraud than just plain old "fraud" and somehow that was a problem? (3) Anyone who did this search could then do their own research to figure out the situation. Google shouldn't be responsible for people failing to read or research the details. But, no, the court ordered Google to remove. This seems like fairly blatant censorship of information that could be quite useful to the public.

Either way, after Google lost the original case, it removed the snippet and forwarded the details to Lumen, as it does with all takedown demands. And the company at issue went back to court to complain about this fairly basic level of necessary transparency. And while Google won the first round, on appeal, the court went the other way. Back to IP Kitten:

the Higher Regional Court found that Google’s main function that needs to be considered here is not the provision of a (direct) hyperlink to the infringing statement, but rather the provision of a search function that enables users to find the (otherwise hard to find) website. By presenting its users an explanation about the deleted search result, combined with a hyperlink to the Lumen website where the deleted search result could be clicked, Google (still) enabled users to find and read the infringing statements, even after being ordered by a court to discontinue doing so. The court found that it made no difference whether one or two clicks are needed to get to the result.

The author at IP Kitten thinks this result makes sense, but I can't see how it makes any amount of sense at all. Beyond the problems discussed above, the issue here is again about a just slightly misleading claim made by a third party who has nothing to do with this lawsuit. If the company has an issue, it should be with that party, and not Google, who is just one tool to find stuff online, and which already required a convoluted search to find. The fact that, in an effort to be transparent, a user might have to jump through a bunch of additional steps just to find an article isn't a problem. Again, people should do their own research. Google shouldn't be responsible for someone failing to do that.

But, it appears, in Germany, Google now is responsible for making sure that you don't read badly written articles.

from the perfectly-legal-obfuscation dept

Barack Obama promised the "most transparent administration ever," then spent years undermining his own promise. The Trump Administration has made no such promises (other than "if you don't like your Forever Wars, you can keep them...") but it's working overtime to make the faux transparency of the Obama years look like a high water mark in government accountability.

Multiple federal agencies are no longer allowed to communicate directly with the public through social media accounts. Anything posted must be approved by administration staff. Open.gov is shut down and Trump has decided against following in his predecessor's footsteps, refusing to release White House visitors' logs.

The release of the logs was Obama's idea. Nothing in the law compels release of this information. Trump's refusal aligns him with many former presidents, but not with the public's increasing transparency expectations. There was no exploitation of a loophole by Trump. Just a decision to restrict this administration to what the law says must be done, not what his constituency might expect.

The chairman of the House Committee on Financial Services sent a letter last month to the head of the Treasury Department instructing him to decline Freedom of Information requests relating to communications between the two offices, a letter that open records advocates called "deeply troubling."

[...]

The letter reads that since the Committee on Financial Services has legislative and oversight jurisdiction over the Treasury Department, all records of communication between the two offices and any documents produced remain in the committee's control — even when in the physical possession of the Treasury Department.

"The Committee expects that the [Treasury Department] will decline to produce any such congressional records in response to a request under the Freedom of Information Act or any other provision of law agreement," the letter states.

This blanket FOIA refusal instruction wasn't limited to the Treasury Department. The Associated Press obtained similar letters sent to a number of other agencies under the House Finance Committee's control, including the Consumer Finance Protection Board, FEMA, and the FDIC.

As the letter points out… scratch that. It doesn't. It's only after reading the letter that you arrive at this unwritten conclusion. FOIA law exempts many congressional "records" from being liberated with FOIA requests. This includes communications between Congress and more FOIA-responsive agencies. One end -- the end with the most power -- can fully control the release of communications involving other agencies. This is all due to [ta-da!] laws Congress wrote and passed. You see how that works?

So, we can be irritated (and rightly so) that this appears to be more opacity meant to separate us from our public servants and separate our public servants from accountability, but unfortunately, this is all very lawful -- a word deployed most frequently to defend actions which appear to be illegal. And here is the expected deflection:

"Congresswoman Waters has known about these letters for more than a month and she never raised any objections or said anything about them until a reporter asked," committee spokesman Jeff Emerson said in a statement.

"Here’s the truth: The position taken by the Committee is fully consistent with the legal position Republicans and Democrats have jointly taken for over three decades to protect Congressional records."

The problem here is the law. And the law must be changed by legislators -- the very group least likely to order itself to be more transparent. As for the argument about opacity = better oversight? May I direct your attention to four years of leaked surveillance documents illustrating just how meaningless the term "oversight" is.

from the because-'Slightly-Less-Opacity-Report'-doesn't-have-the-same-ring dept

Before we dive into the latest IC transparency report [PDF] from the Office of the Director of National Intelligence, let's take a moment to recognize the small miracle that it even exists. If NSA contractor Ed Snowden hadn't decided to color outside the official whistleblowing lines, we'd still be expected to put our complete trust in the government with zero evidentiary support.

One of the first misleading numbers in the report is the supposed single search of the NSA's 702 collections by the FBI for non-terrorism-related purposes. According to the report, this happened exactly once. But that's actually not true. The FBI makes far more frequent use of NSA data for non-terrorism investigations. It just does it in a way that won't show up in the IC's transparency report. Parallel construction is the FBI's friend.

FBI’s querying system can be set such that, even if someone has access to 702 data, they can run a query that will flag a hit in 702 data but won’t actually show the data underlying that positive return. This provides one way for 702-cleared people to learn that such information is in such a collection and — if they want the data without having to report it — may be able to obtain it another way. It is distinctly possible that once NSA shares EO 12333 data directly with FBI, for example, the same data will be redundantly available from that in such a way that would not need to be reported to FISC.

So, there's that bit of obfuscation right off the top. And the FBI isn't the only agency using an ostensibly foreign-facing collection to obtain information about US persons. The CIA -- an ostensibly foreign-facing agency -- does this as well. The FBI doesn't count its dips into the NSA haystacks. Neither does the CIA. The report shows 30,000 searches of unminimized US persons' data occurred last year. That number doesn't include the FBI's searches (because the FBI doesn't report its searches) and is quite possibly much, much higher than what's reported. This is only a good faith estimate by the IC, using software, rather than any form of reporting from the CIA.

NSA will rely on an algorithm and/or a business rule to identify queries of communications metadata derived from the FAA 702 [redacted] and telephony collection that start with a United States person identifier. Neither method will identify those queries that start with a United States person identifier with 100 percent accuracy.

As Wheeler points out, it could be 30,000… or 3 million… or 3 billion searches. No one knows. By the time the CIA's required to count its US persons searches, it will likely perform most of its searches under Executive Order 12333 authorities, rather than the more closely-watched Section 702.

Finally, there's a really big number contained in the report. It looks amazingly high, but might be indicative of not much surveillance activity at all, at least not in the entire scheme of things. According to the report, the NSA was able to scoop up 151 million "call detail records (CDRs)" using only 42 selectors.

Read in the (lack of) context in the report, this would look like pure bullshit. There's no way 42 terrorism suspects (and their 3,150 one-hop "friends") are making 130 calls a day. (Or, if they're only talking to each other, 65 calls a day.)

If these were phone calls between just two people, then if our terrorist buddies only spoke to each other, each would be responsible for 24,000 calls a year, or 65 a day, which is certainly doable, but would mean our terrorist suspects and their friends all spent a lot of time calling each other.

The number becomes less surprising when you remember that even with traditional telephony call records can capture calls and texts. All of a sudden 65 becomes a lot more doable, and a lot more likely to have lots of perfectly duplicative records as terrorists and their buddies spend afternoons texting back and forth with each other.

With this, 151 million records looks less like full-blown exploitation of this surveillance authority and something possibly more targeted than the NSA's used to. Then again, it could mean the NSA is sweeping up 65 innocent Americans every day of the year with its CDR demands. There's simply no way to tell.

But CDRs include all "call events," which include a whole lot of related metadata having nothing to do with voice calls.

A CDR is defined as session identifying information (including an originating or terminating telephone number, an International Mobile Subscriber Identity (IMSI) number, or an International Mobile Station Equipment Identity (IMEI) number), a telephone calling card number, or the time or duration of a call.

Further trimming down this seemingly large number are two other aspects of the collection. Records obtained previously by the agency are included in this count, as well as junk metadata related to past selectors that may not be returning any current records.

That means our 3,192 targets and friends might only have had 48 calls or texts a day, without any duplication.

Which is a completely believable number of calls and texts between surveillance targets. The breathtaking 151 million records is suddenly a more manageable number that actually *gasp* looks as though the NSA is engaging in truly targeted collection.

But before we get carried away with the NSA's new "maybe collect a little less than it all" approach to surveillance, we need to remember this only covers a very small part of the NSA's collection activities.

[W]e need to understand the 65 additional texts — or anything else available only in the US from a large number of electronic communications service providers that might be deemed a session identifier — a day from 42 terrorists and their 3150 buddies [is] on top of the vast store of EO 12333 records that form the primary basis here.

Because (particularly as the rest of the report shows continually expanding metadata analysis and collection) this is literally just the tip of an enormous iceberg, 151 million edge cases to a vast sea of data.

That's what we're really dealing with here, unprecedented transparency or no: there is a vast surveillance apparatus operating in near-complete darkness, authorized by a presidential executive order and subject to almost zero oversight. Whatever concessions the NSA makes in relation to Section 702 in the upcoming months, its biggest collections will remain untouched. Unless something changes dramatically, the potential for constitutional violations and agency abuse remains unchanged. And, unless something changes dramatically, it will remain unseen.